Hacker News new | past | comments | ask | show | jobs | submit login

If your ssh sever had a 0day, port knocking would protect you.



What if your port knocking monitor has a zero day?


Then ssh would protect you. The two having zero days at the same time is unlikely.


Not necessarily, imagine a port knocking monitor that stores each port attempt it sees in a large buffer. Imagine you make many attempted connections allowing you to overflow the buffer and write arbitrary data onto the heap.


Or the monitor being written in c and analyzing text in the knock messages, e.g. looks and interprets a hash


I guess that sort of depends on the nature of the zero day, huh?


That's kind of the idea Moxie had with [1].

Only 15 lines of code run as root, and they basically just tail kern.log.

[1] https://moxie.org/software/knockknock/




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: